US9729679B2 · Active · Utility patent

Using different TCP/IP stacks for different tenants on a multi-tenant host

Assignee: NICIRA INC
Priority: Mar 31, 2014
Filed: Mar 31, 2014
Granted: Aug 8, 2017
Est. expiry: Mar 31, 2034 (~7.7 yrs left; nominal 20-yr term from priority)
Inventors: RAJU NITHIN B; CHANDRASHEKHAR GANESAN
Classification: H04L 69/163; G06F 2009/45595; G06F 9/45558; H04L 69/161

PatentIndex Score: 71 · Cited by: 3 · References: 51 · Claims: 20

Abstract

Multiple TCP/IP stack processors on a host. The multiple TCP/IP stack processors are provided independently of TCP/IP stack processors implemented by virtual machines on the host. The TCP/IP stack processors provide multiple different default gateway addresses for use with multiple processes. The default gateway addresses allow a service to communicate across an L3 network. Processes outside of virtual machines that utilize the TCP/IP stack processor on a first host can benefit from using their own gateway, and communicate with their peer process on a second host, regardless of whether the second host is located within the same subnet or a different subnet. The multiple TCP/IP stack processors can use separately allocated resources. Separate TCP/IP stack processors can be provided for each of multiple tenants on the host. Separate loopback interfaces of multiple TCP/IP stack processors can be used to create separate containment for separate sets of processes on a host.
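The mechanism the abstract describes can be made concrete with a small model. The Python below is an added example written for this page; it is not code from the patent or from any Nicira/VMware product. The names it uses are assumptions (the TcpIpStack and Host classes, uplink interfaces vmkA and vmkB, the subnets 10.1.0.0/24, 10.2.0.0/24 and 10.9.0.0/24, and the processes migrator-A, mks-A and migrator-B). Each tenant's hypervisor-side processes are bound to that tenant's own stack; each stack owns its routing table, default gateway and loopback, so the same off-subnet peer is reached through a different gateway per tenant, and a service listening on one stack's loopback is invisible to processes on the other.

```python
"""Per-tenant TCP/IP stacks on one hypervisor host, as a runnable model.

Added illustration, not the patent's or any vendor's code. Stack names,
interfaces (vmkA/vmkB), subnets and process names are made up for the demo.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


@dataclass
class Route:
    prefix: IPv4Network
    next_hop: Optional[IPv4Address]  # None: destination is on-link
    iface: str


@dataclass
class TcpIpStack:
    """One independent stack: its own routes, default gateway and loopback."""
    name: str
    routes: list = field(default_factory=list)
    loopback_listeners: dict = field(default_factory=dict)  # port -> process

    def add_route(self, prefix: str, next_hop: Optional[str], iface: str) -> None:
        nh = IPv4Address(next_hop) if next_hop else None
        self.routes.append(Route(IPv4Network(prefix), nh, iface))

    def set_default_gateway(self, gateway: str, iface: str) -> None:
        self.add_route("0.0.0.0/0", gateway, iface)

    def lookup(self, dst: IPv4Address) -> Route:
        """Longest-prefix match over this stack's own table only."""
        matches = [r for r in self.routes if dst in r.prefix]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        return max(matches, key=lambda r: r.prefix.prefixlen)


class Host:
    """Multi-tenant host: stacks live outside any VM; each process is bound to one stack."""

    def __init__(self) -> None:
        self.stacks: dict = {}
        self.binding: dict = {}  # process name -> stack name

    def add_stack(self, stack: TcpIpStack) -> None:
        self.stacks[stack.name] = stack

    def bind_process(self, process: str, stack_name: str) -> None:
        self.binding[process] = self.stacks[stack_name].name

    def stack_of(self, process: str) -> TcpIpStack:
        return self.stacks[self.binding[process]]

    def send(self, process: str, dst: str) -> tuple:
        """Return (stack, iface, next hop) a packet from this process would use."""
        stack = self.stack_of(process)
        route = stack.lookup(IPv4Address(dst))
        next_hop = route.next_hop if route.next_hop is not None else IPv4Address(dst)
        return stack.name, route.iface, str(next_hop)

    def listen_loopback(self, process: str, port: int) -> None:
        self.stack_of(process).loopback_listeners[port] = process

    def connect_loopback(self, process: str, port: int) -> Optional[str]:
        """Loopback is per stack: only listeners on the caller's own stack are reachable."""
        return self.stack_of(process).loopback_listeners.get(port)

    def stacks_are_exclusive(self, tenant_of: dict) -> bool:
        """True if no stack carries processes of more than one tenant."""
        seen: dict = {}
        for process, stack_name in self.binding.items():
            if seen.setdefault(stack_name, tenant_of[process]) != tenant_of[process]:
                return False
        return True


def build_demo_host() -> Host:
    """Constructed scenario: two tenants, each with its own stack, uplink and gateway."""
    host = Host()
    a, b = TcpIpStack("stack-tenantA"), TcpIpStack("stack-tenantB")
    a.add_route("10.1.0.0/24", None, "vmkA")  # tenant A's on-link subnet
    a.set_default_gateway("10.1.0.1", "vmkA")
    b.add_route("10.2.0.0/24", None, "vmkB")  # tenant B's on-link subnet
    b.set_default_gateway("10.2.0.1", "vmkB")
    host.add_stack(a)
    host.add_stack(b)
    host.bind_process("migrator-A", "stack-tenantA")
    host.bind_process("mks-A", "stack-tenantA")
    host.bind_process("migrator-B", "stack-tenantB")
    host.listen_loopback("mks-A", 5900)  # console service only on A's loopback
    return host


if __name__ == "__main__":
    h = build_demo_host()
    print(h.send("migrator-A", "10.9.0.7"))       # ('stack-tenantA', 'vmkA', '10.1.0.1')
    print(h.send("migrator-B", "10.9.0.7"))       # ('stack-tenantB', 'vmkB', '10.2.0.1')
    print(h.connect_loopback("migrator-A", 5900))  # mks-A
    print(h.connect_loopback("migrator-B", 5900))  # None
```

Both migrators target the same peer host 10.9.0.7, which is off-subnet for both, yet each leaves through its own tenant's gateway because the lookup never consults the other stack's table. The loopback check is the containment the abstract mentions: mks-A's listener on port 5900 exists only in stack A, so migrator-B gets nothing. A real implementation backs each stack with its own kernel routing table and loopback device (Linux network namespaces give the same split); the exclusivity check mirrors claim 2's requirement that a stack be used by one tenant's processes only.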

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method of separating tenant data on an electronic computing device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the method comprising:
   implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
   for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
   for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,
   wherein the first and second sets of processes execute outside of any tenant VM.

2. The method of claim 1, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.

3. The method of claim 1, wherein the electronic device implements a user space and a kernel space.

4. The method of claim 3, wherein the first set of processes is implemented in the user space.

5. The method of claim 3, wherein the first set of processes is implemented in the kernel space.

6. The method of claim 1, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.

7. The method of claim 1, wherein the first set of processes comprises hypervisor service processes.

8. A non-transitory machine readable medium storing a program which when executed by at least one processing unit separates tenant data on an electronic computing device that implements virtual machines (VMs) for a plurality of tenants, the program comprising sets of instructions for:
   implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
   for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor; and
   for a second set of non-tenant VM processes implemented for a second tenant, sending data from the second set of processes through a second TCP/IP stack processor,
   wherein the first and second sets of processes execute outside of any tenant VM.

9. The non-transitory machine readable medium of claim 8, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.

10. The non-transitory machine readable medium of claim 8, wherein the electronic device implements a user space and a kernel space.

11. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the user space.

12. The non-transitory machine readable medium of claim 10, wherein the first set of processes is implemented in the kernel space.

13. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.

14. The non-transitory machine readable medium of claim 8, wherein the first set of processes comprises a virtual machine migrator process.

15. An electronic device that implements a plurality of virtual machines (VMs) for a plurality of tenants, the electronic device comprising:
   at least one processing unit;
   a non-transitory machine readable medium storing a program which when executed by the processing unit keeps the tenant data of each tenant separate from the tenant data of other tenants, the program comprising sets of instructions for:
   implementing a plurality of TCP/IP stack processors, on the electronic computing device, outside of any VMs;
   for a first set of non-tenant VM processes implemented for a first tenant, sending data from the first set of processes through a first TCP/IP stack processor to prevent data from being sent to a second tenant; and
   for a second set of non-tenant VM processes implemented for the second tenant, sending data from the second set of processes through a second TCP/IP stack processor to prevent data from being sent to the first tenant
   wherein the first and second sets of processes execute outside of any tenant VM.

16. The electronic device of claim 15, wherein the first TCP/IP stack processor is exclusively used by processes of the first tenant and the second TCP/IP stack processor is exclusively used by processes of the second tenant.

17. The electronic device of claim 15, wherein the electronic device implements a user space and a kernel space.

18. The electronic device of claim 17, wherein the first set of processes is implemented in the user space.

19. The electronic device of claim 17, wherein the first set of processes is implemented in the kernel space.

20. The electronic device of claim 15, wherein the first set of processes comprises a mouse, keyboard, screen (MKS) process.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.